fSekrit is a small application for keeping encrypted notes on Windows Systems.

Quote

Overview:

fSekrit is a small application for keeping encrypted notes.

The real advantage of fSekrit is that notes are truly self-contained; the editor program and your note are merged together into a tiny self-contained program file, removing the need to install a special application to view your data.

Another advantage of using fSekrit is that your un-encrypted data is never stored on your harddisk. With a traditional encryption utility you would have to decrypt your file to disk, view or edit it, and then re-encrypt it, and unless you use secure file wiping tools, it would be a trivial matter for someone to to retrieve your un-encrypted data, even though you have deleted it. This can't be done with fSekrit, though, since it never stores your un-encrypted data on disk.

fSekrit uses very strong encryption (256-bit AES/Rijndael in CBC mode) to ensure that your data is never at risk.

fSekrit started as a request on the excellent DonationCoder.com forum.

The AES code is from Dr. Brian Gladman, who is the De Facto standard source when it comes to AES encryption code. Many thanks to Brian for publishing his source code, and for having a nice license. Speaking about license, the AES code is Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.

Your unencrypted data is never stored to disk by fSekrit. It is, however, stored in memory (otherwise you wouldn't be able to view or edit it :-)). This means that windows, in case of low memory, might choose to swap it out to disk, in which case a malicious hacker with access to your computer could snoop it from your paging file. So, avoid running fSekrit in low-memory situations (i.e. don't keep it open while playing 3D games or using photoshop).

The 256-bit AES encryption key is constructed directly as an SHA-256 hash of your passphrase.

When you use file->save, some tricks have to used, since windows will not let an application write to it's own .exe file (or in fact any .exe file that is currently running). Thus, fSekrit makes a copy of itself with the newly saved data, launches this temp file that copies itself to the main file, and launch the main file again to delete the temp file. This is why the main window goes in and out of existance briefly when you save.

To avoid re-entering your passphrase every time you save, fSekrit passes your encryption key on the commandline. But note that your passphrase is never passed on the commandline, so simple snooping cannot reveal it. A skilled malicious person *could* theoretically snoop the key and use it to decrypt your data though, so be cautious when running fSekrit on systems you don't trust. However if you are using a computer you don't trust then there are more serious risks to worry about, such as the possibility that there are keyloggers running, which would record your passphrase without the complexity that key snooping would require.

The fSekrit executable is compressed using Jeremy Collake's PECompact2, which chopped merrily away at the original ~76k filesize before compression.

To identify whether a correct passphrase has been entered, a SHA-256 hash of the original plaintext is stored in the file header. This is not a security risk as your data cannot be reconstructed from the hash.

Thanks to Olivier Langlois for his CHyperLink class.

License:

This software is provided 'as is' with no explicit or implied warranties in respect of its properties, including, but not limited to, correctness and/or fitness for purpose.

fSekrit is copyrighted freeware, and you are not allowed to modify or reverse engineer it. You're free to redistribute it, as long as it is kept in original, unaltered form, including this text document. I'd appreciate that you drop me a note if you re-distribute it.